The sharing of cybersecurity information across government has improved, especially when private sector companies report attacks directly to the FBI, said Principal Deputy National Cyber Director Kemba Walden on Wednesday.
The FBI is looped in more quickly when cyber incidents are reported, Walden said, during CrowdStrike’s Fal.Con 2022 cybersecurity conference in Las Vegas. And while the information may be used in investigations, it’s also shared among operational agencies including the Cybersecurity and Infrastructure Security Agency to identify and attribute the criminal actor responsible, and where possible help the victim rebuild critical infrastructure and recover assets.
Information sharing really started to improve with the signing of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) in March and subsequent convening of the Cyber Incident Reporting Council in July, Walden said.
“My hope — and I think I’m seeing this happen in a better way — is that the victim company contacts the FBI right away, and if not the FBI, then CISA or the police,” Walden said. “But contacting the FBI, we’re seeing more federal cohesion on the back end.”
Funds for the Office of the National Cyber Director were only appropriated in November, but the policy and strategy entity is responsible for connecting all the operational cyber agencies governmentwide. That means improving agencies’ cohesion and working with the Office of Management and Budget to ensure they’re adequately funded to achieve cyber aspirations.
When the Biden administration was preparing to sanction Russia over its invasion of Ukraine, ONCD helped ensure classified cyber information was downgraded, so it could be provided to the financial sector so companies could protect their networks.
“We need to scale that,” Walden said.
“Ultimately we’re focused on shifting the burden of risk, providing more responsibility — both in the federal government and those enterprises in the private sector that can bear that risk — but also focused on future resilience,” she said.
Tech companies can assist ONCD in that regard by adopting a resilience-by-design approach with their products to protect against basic supply chain vulnerabilities, allowing agencies to focus on bigger challenges, Walden said.
President Biden’s executive order on securing the supply chain issued in February 2021 further included a review of the federal procurement process and cyber incentives.
“Those are the types of concepts that we are trying to infect everyone with,” Walden said.